<?php
	if(isset($_POST['passmd5']) && isset($_POST['newpass']))
	{
		include "connection.php";
		$u = $_POST['login'];
		$v = "GV";
		$x = strpos($u,$v);
		$pass_check = md5($_POST['passmd5']);
		$mk  = md5($_POST['newpass']);
		$passdb = "";
		$rep = "";
		if($x !== false)
		{
			$str = "SELECT * FROM giaovien WHERE MAGIAOVIEN='$u'";
			$r = mysql_query($str) or die(mysql_error($connect));
			$rs = mysql_fetch_array($r);
			$passdb = $rs['PASSWORD'];
			if($rs['PASSWORD'] == $pass_check)
			{
				$sql = "UPDATE giaovien SET PASSWORD='$mk' WHERE MAGIAOVIEN='$u'";
				$result = mysql_query($sql) or die(mysql_error($connect)); 
				$rep = "OK!";
			}
			else
			{
				$rep = "Mật khẩu cũ không đúng!";
			}
		}
		else
		{
			$str = "SELECT * FROM sinhvien WHERE MSSV='$u'";
			$r = mysql_query($str) or die(mysql_error($connect));
			$rs = mysql_fetch_array($r);
			$passdb = $rs['PASSWORD'];
			if($rs['PASSWORD'] == $pass_check)
			{
				$sql = "UPDATE sinhvien SET PASSWORD='$mk' WHERE MSSV='$u'";
				$result = mysql_query($sql) or die(mysql_error($connect)); 
				$rep = "OK!";
			}
			else
			{
				$rep = "Mật khẩu cũ không đúng!";
			}
		}
		echo $rep;
	}
?>